Merge tag 'keys-next-20140722' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

author: James Morris <james.l.morris@oracle.com> 2014-07-24 11:36:19 (GMT)
committer: James Morris <james.l.morris@oracle.com> 2014-07-24 11:36:19 (GMT)
commit: 4ca332e11df42604e784bd7da9e483160636d05e (patch)
tree: 82e6ba6dff978edc2132e751c19197de50218c7e /security/integrity/ima/Kconfig
parent: 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7 (diff)
parent: 633706a2ee81637be37b6bc02c5336950cc163b5 (diff)
download: linux-4ca332e11df42604e784bd7da9e483160636d05e.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 81a2797..08758fb 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -123,3 +123,13 @@ config IMA_APPRAISE
 	  For more information on integrity appraisal refer to:
 	  <http://linux-ima.sourceforge.net>
 	  If unsure, say N.
+
+config IMA_TRUSTED_KEYRING
+	bool "Require all keys on the .ima keyring be signed"
+	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
+	depends on INTEGRITY_ASYMMETRIC_KEYS
+	select KEYS_DEBUG_PROC_KEYS
+	default y
+	help
+	   This option requires that all keys added to the .ima
+	   keyring be signed by a key on the system trusted keyring.
author	James Morris <james.l.morris@oracle.com>	2014-07-24 11:36:19 (GMT)
committer	James Morris <james.l.morris@oracle.com>	2014-07-24 11:36:19 (GMT)
commit	4ca332e11df42604e784bd7da9e483160636d05e (patch)
tree	82e6ba6dff978edc2132e751c19197de50218c7e /security/integrity/ima/Kconfig
parent	6d6f3328422a3bc56b0d8dd026a5de845d2abfa7 (diff)
parent	633706a2ee81637be37b6bc02c5336950cc163b5 (diff)
download	linux-4ca332e11df42604e784bd7da9e483160636d05e.tar.xz